{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2017-20225", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-28T11:42:36.850Z", "datePublished": "2026-03-28T11:58:09.770Z", "dateUpdated": "2026-03-30T15:51:41.449Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-28T11:58:09.770Z"}, "title": "TiEmu 2.08 Stack-Based Buffer Overflow Vulnerability", "descriptions": [{"lang": "en", "value": "TiEmu 2.08 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers can trigger the overflow through command-line arguments passed to the application, leveraging ROP gadgets to bypass protections and execute shellcode in the application context."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Out-of-bounds Write", "cweId": "CWE-787", "type": "CWE"}]}], "affected": [{"vendor": "ticalc", "product": "TiEmu", "versions": [{"version": "2.08", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/42087", "name": "ExploitDB-42087", "tags": ["exploit"]}, {"url": "http://lpg.ticalc.org/prj_tiemu/", "name": "Official Product Homepage", "tags": ["product"]}, {"name": "VulnCheck Advisory: TiEmu 2.08 Stack-Based Buffer Overflow Vulnerability", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/tiemu-stack-based-buffer-overflow-vulnerability"}], "credits": [{"lang": "en", "value": "Juan Sacco <juan.sacco@kpn.com> at KPN Red Team - http://www.kpn.com", "type": "finder"}], "x_generator": {"engine": "vulncheck"}, "datePublic": "2017-05-30T00:00:00.000Z"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-30T15:51:30.324472Z", "id": "CVE-2017-20225", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T15:51:41.449Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2017-20225", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-30T15:51:30.324472Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T15:51:36.819Z"}}], "cna": {"title": "TiEmu 2.08 Stack-Based Buffer Overflow Vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Juan Sacco <juan.sacco@kpn.com> at KPN Red Team - http://www.kpn.com"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "ticalc", "product": "TiEmu", "versions": [{"status": "affected", "version": "2.08"}]}], "datePublic": "2017-05-30T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/42087", "name": "ExploitDB-42087", "tags": ["exploit"]}, {"url": "http://lpg.ticalc.org/prj_tiemu/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/tiemu-stack-based-buffer-overflow-vulnerability", "name": "VulnCheck Advisory: TiEmu 2.08 Stack-Based Buffer Overflow Vulnerability", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "TiEmu 2.08 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers can trigger the overflow through command-line arguments passed to the application, leveraging ROP gadgets to bypass protections and execute shellcode in the application context."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-28T11:58:09.770Z"}}}, "cveMetadata": {"cveId": "CVE-2017-20225", "state": "PUBLISHED", "dateUpdated": "2026-03-30T15:51:41.449Z", "dateReserved": "2026-03-28T11:42:36.850Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-28T11:58:09.770Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ticalc:tiemu:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F44F456-F3A8-414D-B160-9872A9CE733B", "versionEndIncluding": "2.0.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "TiEmu 2.08 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers can trigger the overflow through command-line arguments passed to the application, leveraging ROP gadgets to bypass protections and execute shellcode in the application context."}, {"lang": "es", "value": "TiEmu 2.08 y versiones anteriores contiene una vulnerabilidad de desbordamiento de b\u00fafer basado en pila que permite a los atacantes ejecutar c\u00f3digo arbitrario explotando comprobaciones de l\u00edmites inadecuadas en la entrada proporcionada por el usuario. Los atacantes pueden desencadenar el desbordamiento a trav\u00e9s de argumentos de l\u00ednea de comandos pasados a la aplicaci\u00f3n, aprovechando gadgets ROP para eludir protecciones y ejecutar shellcode en el contexto de la aplicaci\u00f3n."}], "id": "CVE-2017-20225", "lastModified": "2026-04-08T19:49:58.627", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-28T12:16:01.613", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "http://lpg.ticalc.org/prj_tiemu/"}, {"source": "disclosure@vulncheck.com", "tags": ["Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/42087"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.vulncheck.com/advisories/tiemu-stack-based-buffer-overflow-vulnerability"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "2.08"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "TiEmu", "source": "cna", "vendor": "ticalc"}, "product": "tiemu", "vendor": "ticalc"}], "analysis": {"en": {"generated_at": "2026-04-08T21:37:34.383886+00:00", "value": {"mitigation_remediation": ["Upgrade TiEmu to a version newer than 2.08 that contains the stack\u2011based buffer overflow patch.", "If an update is unavailable, limit the use of TiEmu to trusted input sources and avoid launching it with unverified command\u2011line arguments.", "Verify that any scripts or automated tasks invoking TiEmu validate argument lengths to prevent overflow."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The affected product is TiEmu for the TI calculator platform, specifically version 2.08 and earlier releases. These versions accept command\u2011line arguments that are not properly validated.", "description_and_impact": "The vulnerability is a stack\u2011based buffer overflow caused by inadequate boundary checks on user\u2011supplied input. It allows an attacker to execute arbitrary code within the TiEmu application context using crafted command\u2011line arguments. This weakness is described as CWE\u2011787, enabling a potential remote code execution scenario that compromises confidentiality, integrity, and availability of systems where the software runs.", "risk_and_exploitability": "The CVSS score of 9.3 indicates high severity, while the EPSS score of less than 1% suggests a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector involves supplying crafted arguments to TiEmu at launch, allowing an attacker to execute shellcode through ROP gadgets. Exploitation requires local access to the machine running TiEmu and the ability to invoke the program with malicious parameters."}}}}, "created": "2026-03-29T20:32:21.649524+00:00", "updated": "2026-04-09T08:29:32.875917+00:00", "vendors": ["ticalc", "ticalc$PRODUCT$tiemu"]}